freeing SSL related memory

Fri, 17 Oct 2014 05:53:27 -0700 


Hello,

We use the below attached C-code (I stripped away any error handlings
etc.) to establish a connection to an IPv6 server, send/read some data
and shutdown the connection again. My question is if the *_free() calls
at  the end are enough or if we have some memory leak not freeing enough
allocated resources? The cycle

        establishSSLconnection()
        sendReceiveData()
        sslEnd()

is not called only once due to the nature of the remote server, without
going into these details.

Thanks in adavance for reading the code and any hints.

        matthias


static int sockFd = -1;
static BIO *bio = NULL;
static SSL_CTX *ctx = NULL;
static SSL *ssl = NULL;
static BIO *buffered_bio = NULL;
static BIO *ssl_bio = NULL;


establishSSLconnection()
{
    ERR_load_BIO_strings();
    SSL_load_error_strings();
    OpenSSL_add_ssl_algorithms();
    ERR_load_crypto_strings();
    ERR_load_SSL_strings();

    /* connect to an IPv6 server */
    getaddrinfo(serverIP, connport, &req, &ans);
    sockFd = socket(ans->ai_family, ans->ai_socktype, ans->ai_protocol);
    connect(sockFd, ans->ai_addr, ans->ai_addrlen);

    /* build SSL context on this socket */
    ctx = SSL_CTX_new(SSLv23_client_method());
    bio = BIO_new_socket(sockFd, BIO_NOCLOSE);
    BIO_ctrl(bio, BIO_C_SSL_MODE, 1, 0);
    ssl = SSL_new(ctx);
    SSL_set_bio(ssl, bio, bio);
    res = SSL_connect(ssl);

    buffered_bio = BIO_new(BIO_f_buffer());
    ssl_bio = BIO_new(BIO_f_ssl());
    BIO_set_ssl(ssl_bio, ssl, BIO_CLOSE);
    BIO_push(buffered_bio, ssl_bio);

}


sendReceiveData(buf)
{

    i = BIO_puts(buffered_bio, buf);
    rc = BIO_flush(buffered_bio);

    memset(&buf, 0, sizeof(buf));
    rc = BIO_gets(buffered_bio, buf, 1024 * 10);
    sslError = SSL_get_error(ssl, rc);

    switch (sslError) {
            ...
    }
}

sslEnd()
{

    shutdown(sockFd, SHUT_RDWR);
    close(sockFd);
    sockFd = -1;

    ssl_bio = NULL;
    buffered_bio = NULL;
    bio = NULL;
    
    if (ctx != NULL) {
        SSL_CTX_free(ctx);
        ctx = NULL;
    }
    if (ssl != NULL) {
        SSL_free(ssl);
        ssl = NULL;
    }
}


-- 
Matthias Apitz               |  /"\   ASCII Ribbon Campaign:
E-mail: g...@unixarea.de     |  \ /   - No HTML/RTF in E-mail
WWW: http://www.unixarea.de/ |   X    - No proprietary attachments
phone: +49-170-4527211       |  / \   - Respect for open standards
                             | en.wikipedia.org/wiki/ASCII_Ribbon_Campaign
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    openssl-users@openssl.org
Automated List Manager                           majord...@openssl.org

Reply via email to